<html>
<head>
<base href="https://bugzilla.rosalinux.ru/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Platform</th>
<td>2021.1
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - [CVE 21] glib 1.2.10 CVEs found"
href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13523">13523</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[CVE 21] glib 1.2.10 CVEs found
</td>
</tr>
<tr>
<th>Classification</th>
<td>ROSA-based products
</td>
</tr>
<tr>
<th>Product</th>
<td>ROSA Fresh
</td>
</tr>
<tr>
<th>Version</th>
<td>All
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>URL</th>
<td>CVE-2020-35457, CVE-2021-27218, CVE-2021-27219, CVE-2021-28153, CVE-2021-3800
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>CONFIRMED
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>Normal
</td>
</tr>
<tr>
<th>Component</th>
<td>System (kernel, glibc, systemd, bash, PAM...)
</td>
</tr>
<tr>
<th>Assignee</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>Reporter</th>
<td>y.tumanov@rosalinux.ru
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>CC</th>
<td>e.kosachev@rosalinux.ru, s.matveev@rosalinux.ru, y.tumanov@rosalinux.ru
</td>
</tr>
<tr>
<th>Target Milestone</th>
<td>---
</td>
</tr>
<tr>
<th>Flags</th>
<td>secteam_verified?
</td>
</tr></table>
<p>
<div>
<pre>Please patch CVEs for package glib version 1.2.10
INFO (CVEs are): glib 1.2.10
cves found
CVE-2020-35457
Desc: ** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that
might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the
vendor's position is "Realistically this is not a security issue. The standard
pattern is for callers to provide a static list of option entries in a fixed
number of calls to g_option_group_add_entries()." The researcher states that
this pattern is undocumented.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-35457">https://nvd.nist.gov/vuln/detail/CVE-2020-35457</a>
Severity: HIGH
CVE-2021-27218
Desc: An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before
2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a
64-bit platform, the length would be truncated modulo 2**32, causing unintended
length truncation.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27218">https://nvd.nist.gov/vuln/detail/CVE-2021-27218</a>
Severity: HIGH
CVE-2021-27219
Desc: An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before
2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms
due to an implicit cast from 64 bits to 32 bits. The overflow could potentially
lead to memory corruption.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27219">https://nvd.nist.gov/vuln/detail/CVE-2021-27219</a>
Severity: HIGH
CVE-2021-28153
Desc: An issue was discovered in GNOME GLib before 2.66.8. When
g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a
path that is a dangling symlink, it incorrectly also creates the target of the
symlink as an empty file, which could conceivably have security relevance if
the symlink is attacker-controlled. (If the path is a symlink to a file that
already exists, then the contents of that file correctly remain unchanged.)
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-28153">https://nvd.nist.gov/vuln/detail/CVE-2021-28153</a>
Severity: MEDIUM
CVE-2021-3800
Desc: A flaw was found in glib before version 2.63.6. Due to random charset
alias, pkexec can leak content from files owned by privileged users to
unprivileged ones under the right condition.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3800">https://nvd.nist.gov/vuln/detail/CVE-2021-3800</a>
Severity: MEDIUM</pre>
</div>
</p>
</body>
</html>